Windows Authentication not working as desired

[Apple-Fan]

I’ve developed an intranet web project for authenticating the windows mode.
How I actually wanted it to work is: Users make calls from their office, data’s loaded in SQL server. Once the user log ins on his system, he goes to Internet explorer and types in the URL for call Log.

Here no authentication is provided, system should directly show him what he desires to view.

But here, windows mode authentication fails and it shows the log in page again. Also, it doesn’t accept the windows[Domain user] account, it fails.
I’ve don’t the following things, anything else required?

1) web.config: Authentication Mode: windows

2) IIS 6.0-concern website-Properties-Directory security-selected the integrated windows authentication.

[Baijayanthi]

Is it like, their Kerberos credential challenge as Login page or did you create a login page separately?

On Internet Explorer browser, there is another setting:
1. Click on Internet Options
2. Security Tab
3. Custom Level button
4. Select third option for logging on automatically. (Automatic logon with current username and password).

In IIS, you will only enable windows authentication... Rest all will be disabled. That will take care of it.

[Apple-Fan]

Look, the scenario is like: some users have windows account in active directly and some of them do not have window account.
For those who don’t have windows account in active directory, they create log in account on their own and log in through Login.aspx page.
Now, the problem is that even users who have windows account are asked for log in Id.
I had enabled only Integrated Windows Authentication [in DirectorySecurity->AuthenticationandAccessControl], But It doesn't work.

What is the case of Enable anonymous access ? Is it enabled or disabled?
Username: IUSR_WEBSERVER-SEC-WPV01
Password: Password
What is it used for?

[Baijayanthi]

Ok! I would deal with this issue by implementing the following things.
1. On login, find the user whether he is available in Active Directory or not.
2. Create two methods : one is for db user, one is for active directory login
3. Access that particular method based on step 1.
Would you need the code for this?

As you have asked, the anonymous access should be set to disabled.
The username and password will be used for anonymous login.
This is the Service user of that application pool.

[Apple-Fan]

Thanks a ton buddy!

I understood the logic behind it.

Wanted to ask you: How will the ISS know where to check the Domain Server or is it like Domain Server holding the active directory should be mentioned. If yes, where?

[Baijayanthi]

If what you want is to provide a login via a database and active directory you will not want to use authentication in the web

You should be using form authentication in the web.config.

I have setup my intranet in a way that the IIS has windows authentication with anonymous access disabled and forms authentication set in my webconfig and useof custom roles to restrict access to pages in the web.config.
I also use application_authenticate and take the current logged on user and assign their roles.

Login pages can also be used. If an user has no access to a page he is redirected to the ‘login page’ and an alternate login database can be provided.